BACKPORT: arm64: add seccomp support

secure_computing() is called first in syscall_trace_enter() so that
a system call will be aborted quickly without doing succeeding syscall
tracing if seccomp rules want to deny that system call.

On compat task, syscall numbers for system calls allowed in seccomp mode 1
are different from those on normal tasks, and so _NR_seccomp_xxx_32's need
to be redefined.

Signed-off-by: AKASHI Takahiro <>
Signed-off-by: Will Deacon <>

Bug: 28020023
Patchset: seccomp

(cherry picked from kernel/msm commit 5482d510aa273856d5e3e2cddb67090006ee6425)
Signed-off-by: Kees Cook <>
Change-Id: I7dc92cc96800451538ce215f13f60bbaf1397668
4 files changed